Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What does the number of files means in Files & Directories Monitor and where does it come from?

ips_mandar
Builder
‎07-15-2019 03:25 AM

Hi,
I am monitoring zip files from folders with below inputs.conf:
What does the number of files denote shown in the screenshot?
Does that mean the number of files indexed or the number of files only monitored since I am giving ignoreOlderThan in inputs.conf?

[monitor://\\abcstoragen\PQRS\XYZ\(AbcdLogs|ABLogs)*\...\*.zip]
disabled = 0
index = abc
sourcetype = pqr
ignoreOlderThan = 3d
crcSalt = <SOURCE>

A number of files shows high count but yet no file is indexed and it is increasing since recently I created a new input.
Thanks!
alt text

Preview file
28 KB
Reply

woodcock
Esteemed Legend
‎07-28-2019 04:51 AM

I would open a support case and also ask them to update the docs on this because it does different things for different types of inputs. For example, the Splunk_TA_nix has an input for /var/log/secure and this screen shows a value of 144 even though it only contains the exact file and 4 rotated files. This makes no sense.

0 Karma
Reply

Azeemering
Builder
‎07-16-2019 03:51 AM

Did you find this?

https://answers.splunk.com/answers/457038/what-does-the-number-of-files-in-the-data-inputs-f.html

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...